How to Set Up Fail2ban on Ubuntu Linux
Managing a Linux server means opening it up to the internet. Unfortunately, this also invites hackers to try and guess your password using automated tools. This is called a “brute force” attack. You need a way to stop these constant, annoying login attempts.
Why use Fail2ban? Fail2ban acts like a digital bouncer. It watches your server’s log files for repeated failed login attempts. When it spots a suspicious IP address, it tells your firewall to block that address for a set amount of time. This keeps your server safe and keeps bad actors out.
What happens when done? Your server will automatically detect and block malicious IP addresses. You will have a more secure system that doesn’t need constant manual monitoring.
Install Fail2ban
Fail2ban is easy to get from the standard Ubuntu software list. You will need admin privileges to run these commands.
sudo apt update
sudo apt install fail2ban
Once the installation finishes, the service starts on its own. Check if it is running correctly with this command:
sudo systemctl status fail2ban
You should see a status message like this:
● fail2ban.service - Fail2Ban Service
Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor preset: enab>
Active: active (running) since Thu 2021-03-11 15:26:00 CST; 23s ago
Docs: man:fail2ban(1)
Main PID: 2982 (f2b/server)
Tasks: 5 (limit: 4654)
Memory: 13.6M
CGroup: /system.slice/fail2ban.service
└─2982 /usr/bin/python3 /usr/bin/fail2ban-server -xf start
Mar 11 15:26:00 ubuntu2004 systemd: Starting Fail2Ban Service.
Mar 11 15:26:00 ubuntu2004 systemd: Started Fail2Ban Service.
Configure Fail2ban
Fail2ban uses configuration files. The main file is located at /etc/fail2ban/jail.conf. You should never edit this file directly, as updates might erase your changes. Instead, create a copy named jail.local. This file tells the system to use your custom settings instead of the defaults.
Run this command to create your local configuration file (requires admin privileges):
sudo cp /etc/fail2ban/jail.{conf,local}
Now, open the file to start editing (requires admin privileges):
sudo nano /etc/fail2ban/jail.local
First, you should add your own IP address to the “whitelist” so you never accidentally lock yourself out. Look for the line to ignore IPs and update it:
ignoreip = 127.0.0.1/8 ::1 10.16.34.67 172.16.1.0/24
Next, adjust how strict your security is by changing these three settings:
- Bantime: How long the IP is blocked (default is 10 minutes).
# "bantime" is the number of seconds that a host is banned.
bantime = 10m
- Findtime: The window of time to count failed attempts.
# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 10m
- Maxretry: How many failed tries are allowed before the ban happens.
# "maxretry" is the number of failures before a host get banned.
maxretry = 5
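To see how ignoreip, findtime and maxretry interact, here is an added example (not Fail2ban's own code and not part of the original guide) that models the decision as a per-IP sliding window over constructed sshd log lines. The regular expression, the function names, the ISO timestamps and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values taken from the jail.local settings shown above.
IGNOREIP = "127.0.0.1/8 ::1 10.16.34.67 172.16.1.0/24"
FINDTIME = timedelta(minutes=10)
MAXRETRY = 5
# Simplified pattern (assumption); the real sshd filter matches many more messages.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def is_ignored(ip, ignoreip=IGNOREIP):
    addr = ipaddress.ip_address(ip)
    # strict=False accepts entries with host bits set, such as 127.0.0.1/8.
    return any(addr in ipaddress.ip_network(n, strict=False) for n in ignoreip.split())

def find_bans(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {ip: timestamp of the failure that triggers the ban}."""
    recent = defaultdict(deque)   # per-IP failure times still inside findtime
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans or is_ignored(ip):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = when
    return bans

def sample(ip, step_seconds, count, start="2021-03-11T15:30:00"):
    """Constructed log lines: `count` failures from ip, one every step_seconds."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * step_seconds)).isoformat()} ubuntu2004 "
            f"sshd[3100]: Failed password for root from {ip} port 40000 ssh2"
            for i in range(count)]

SAMPLE_LOG = sorted(sample("203.0.113.7", 20, 6)      # 6 failures in under 2 minutes
                    + sample("198.51.100.9", 180, 6)  # one failure every 3 minutes
                    + sample("172.16.1.50", 5, 20))   # inside the ignoreip range

if __name__ == "__main__":
    print({ip: t.isoformat() for ip, t in find_bans(SAMPLE_LOG).items()})
```

With the defaults only the first source is banned; calling find_bans(SAMPLE_LOG, maxretry=3) also catches the source that fails once every three minutes, which is the trade-off to weigh when tuning these values.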
Set Up Jails
Fail2ban uses “jails” to watch specific services, like SSH. By default, SSH protection is already on. You can see how the jail is set up in your configuration file:
# SSH servers
[sshd]
enabled = true
bantime = 10m
findtime = 10min
maxretry = 5
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
After you finish making changes, save the file and restart the service so the new settings take effect (requires admin privileges):
sudo systemctl restart fail2ban
Managing Fail2ban
You can use the Fail2ban client to manage your security. Here are a few common tasks:
- Check the status of your SSH jail:
sudo fail2ban-client status sshd
- Unban an IP address that you accidentally blocked:
sudo fail2ban-client set sshd unbanip 192.168.1.1
- Manually ban an IP address:
sudo fail2ban-client set sshd banip 192.168.1.1
Summary
Fail2ban is a powerful, automated security tool for your Linux server. By installing it and customizing your jail.local file, you protect your system from brute force attacks. You learned how to install the software, create a local configuration, set ban rules, and manage blocked IP addresses using the Fail2ban client. This simple setup significantly improves your server’s security against automated threats.
About the Author
Richard
Tech Writer, IT Professional
Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.